Overview
The General Data Protection Regulation (often called the 'GDPR') came into force via the Data Protection Act 2018. It controls the way personal information is used by organisations, businesses and the government.
Detailed information on the application of the law is available from the Information Commissioner's Office. This includes frequently asked questions for the health and social care sector.
Data protection principles
Everyone responsible for using personal data has to follow strict data protection principles. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
There is stronger legal protection for more sensitive information, including (but not limited to):
- race
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- biometrics (where used for identification), and
- health.
Here we address some of the data protection issues our members ask us about most often.